Previous: vnc_sec_certificate_pw, Up: vnc_security


3.10.6 Generating certificates for VNC

The GNU TLS packages provides a command called certtool which can be used to generate certificates and keys in PEM format. At a minimum it is neccessary to setup a certificate authority, and issue certificates to each server. If using certificates for authentication, then each client will also need to be issued a certificate. The recommendation is for the server to keep its certificates in either /etc/pki/qemu or for unprivileged users in $HOME/.pki/qemu.